SECTION=Navigation::SECTION_RESOURCE
before_filter :load_resource
- verify :method => :post, :only => [:save, :delete, :change_status], :redirect_to => {:action => :index}
def index
load_action_plans()
end
def save
+ verify_post_request
options = {'project' => @resource.key, 'name' => params[:name], 'description' => params[:description], 'deadLine' => params[:deadline]}
exiting_action_plan = find_by_key(params[:plan_key]) unless params[:plan_key].blank?
end
def delete
+ verify_post_request
Internal.issues.deleteActionPlan(params[:plan_key])
redirect_to :action => 'index', :id => @resource.id
end
def change_status
+ verify_post_request
action_plan = find_by_key(params[:plan_key])
if action_plan
if action_plan.status == 'OPEN'
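Review bot: Each `verify_post_request` call added at the top of `save`, `delete` and `change_status` is a bare statement whose result is ignored, so it only protects the action if the helper raises on a non-POST request; its definition is not part of this diff. The removed `verify :method => :post` declaration ran before the action and halted it with a redirect, whereas a helper that merely redirects or renders would still let `Internal.issues.deleteActionPlan(params[:plan_key])` run on a GET. Keeping the restriction declarative, `before_filter :verify_post_request, :only => [:save, :delete, :change_status]`, would preserve the halt-before-action behaviour and stop a new state-changing action from being added without the call. The same applies to every other controller touched here, and ManualRulesController still keeps `verify :method => :delete, :only => [:delete]`, so the two mechanisms now coexist and should be aligned. Restricting the HTTP method does not validate where the request came from, so an anti-forgery token check is still needed if none is applied elsewhere (none is visible here); the action bodies continue outside the hunk.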
SECTION=Navigation::SECTION_CONFIGURATION
- verify :method => :post, :only => [:up, :down, :remove, :add], :redirect_to => {:action => :index}
before_filter :admin_required
before_filter :load_default_dashboards
end
def down
+ verify_post_request
position(+1)
redirect_to :action => 'index'
end
def up
+ verify_post_request
position(-1)
redirect_to :action => 'index'
end
def add
+ verify_post_request
dashboard=Dashboard.find(params[:id])
if dashboard and dashboard.shared?
last_index = @actives.max_by(&:order_index).order_index
end
def remove
+ verify_post_request
if @actives.size<=1
flash[:error]='At least one dashboard must be defined as default.'
else
SECTION=Navigation::SECTION_CONFIGURATION
before_filter :admin_required
- verify :method => :post, :only => [:import], :redirect_to => { :action => :index }
def index
-
end
def export
end
def import
+ verify_post_request
file=params[:file]
xml=read_file(file)
if xml && !xml.empty?
SECTION=Navigation::SECTION_CONFIGURATION
before_filter :admin_required
- verify :method => :post, :only => [:delete_resources], :redirect_to => { :action => :index }
def index
if pending_mass_deletion?
end
def delete_resources
+ verify_post_request
resource_to_delete = params[:resources] || []
resource_to_delete = params[:all_resources].split(',') if params[:all_resources] && !params[:all_resources].blank?
SECTION=Navigation::SECTION_RESOURCE
- verify :method => :post, :only => [:set_layout, :add_widget, :set_dashboard, :save_widget], :redirect_to => {:action => :index}
before_filter :login_required, :except => [:index]
def index
end
def set_layout
+ verify_post_request
dashboard=Dashboard.find(params[:did])
if dashboard.editable_by?(current_user)
dashboard.column_layout=params[:layout]
end
def set_dashboard
+ verify_post_request
load_dashboard()
dashboardstate=params[:dashboardstate]
end
def add_widget
+ verify_post_request
dashboard=Dashboard.find(params[:did])
widget_id=nil
if dashboard.editable_by?(current_user)
end
def save_widget
+ verify_post_request
widget=Widget.find(params[:wid])
#TODO check owner of dashboard
Widget.transaction do
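Review bot: `save_widget` loads the widget straight from `params[:wid]` and the `#TODO check owner of dashboard` is left unresolved, so the new POST check is the only guard visible before `Widget.transaction`. `set_layout` and `add_widget` in the same controller gate their writes on `dashboard.editable_by?(current_user)`; without an equivalent check here, a logged-in user could presumably modify a widget on a dashboard they cannot edit. I would add the same guard on the widget's parent dashboard before the transaction, for example `access_denied unless <widget's dashboard>.editable_by?(current_user)` (placeholder: the accessor from widget to dashboard is not shown on this page). The rest of the method is outside the hunk, so a later check may exist and should be confirmed.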
SECTION=Navigation::SECTION_RESOURCE
- verify :method => :post, :only => [:create, :update, :delete, :up, :down, :follow, :unfollow], :redirect_to => {:action => :index}
before_filter :login_required
def index
end
def create
+ verify_post_request
@dashboard=Dashboard.new()
@dashboard.user_id=current_user.id
load_dashboard_from_params(@dashboard)
end
def update
+ verify_post_request
dashboard=Dashboard.find(params[:id])
if dashboard.editable_by?(current_user)
load_dashboard_from_params(dashboard)
end
def delete
+ verify_post_request
dashboard=Dashboard.find(params[:id])
access_denied unless dashboard.editable_by?(current_user)
end
def down
+ verify_post_request
position(+1)
end
def up
+ verify_post_request
position(-1)
end
def follow
+ verify_post_request
dashboard=Dashboard.find(params[:id])
add_default_dashboards_if_first_user_dashboard(dashboard.global?)
end
def unfollow
+ verify_post_request
dashboard=Dashboard.find(params[:id])
add_default_dashboards_if_first_user_dashboard(dashboard.global?)
SECTION=Navigation::SECTION_RESOURCE
before_filter :init_resource_for_admin_role
- verify :method => :post, :only => [:save, :delete], :redirect_to => {:action => :index}
helper MetricsHelper
def index
end
def save
+ verify_post_request
@metric=Metric.by_key(params[:metric])
@measure=ManualMeasure.find(:first, :conditions => ['resource_id=? and metric_id=?', @resource.id, @metric.id])
if @measure.nil?
end
def delete
+ verify_post_request
metric=Metric.by_key(params[:metric])
ManualMeasure.destroy_all(['resource_id=? and metric_id=?', @resource.id, metric.id])
redirect_to :action => 'index', :id => params[:id], :metric => params[:metric]
class ManualRulesController < ApplicationController
before_filter :admin_required
- verify :method => :post, :only => [:create], :redirect_to => {:action => :index}
verify :method => :delete, :only => [:delete], :redirect_to => {:action => :index}
SECTION=Navigation::SECTION_CONFIGURATION
end
def create
+ verify_post_request
access_denied unless is_admin?
begin
if params[:id].to_i>0